hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-17424) Protect REST client against malicious XML responses.
Date Wed, 04 Jan 2017 20:43:58 GMT
Josh Elser created HBASE-17424:

             Summary: Protect REST client against malicious XML responses.
                 Key: HBASE-17424
                 URL: https://issues.apache.org/jira/browse/HBASE-17424
             Project: HBase
          Issue Type: Bug
          Components: REST
            Reporter: Josh Elser
            Assignee: Josh Elser
             Fix For: 2.0.0, 1.3.0, 1.4.0, 1.2.5, 1.1.9

If, by some means, an unsuspecting REST server client would get a malformed response from
the REST server, it could result in the client performing some unintended action from the
XML parsing.

We should disable these extra options on the XML parser to prevent the possibility.

This message was sent by Atlassian JIRA

View raw message